
RFC 6615

 
 
 

Definitions of Managed Objects for IP Flow Information Export

Part 3 of 3, p. 56 to 65

 


8.2.  IPFIX SELECTOR MIB Definition

   IPFIX-SELECTOR-MIB DEFINITIONS ::= BEGIN

   IMPORTS
       MODULE-IDENTITY, OBJECT-TYPE, mib-2
           FROM SNMPv2-SMI                              -- [RFC2578]
       TruthValue
           FROM SNMPv2-TC                               -- [RFC2579]
       MODULE-COMPLIANCE, OBJECT-GROUP
           FROM SNMPv2-CONF;                            -- [RFC2580]

   ipfixSelectorMIB MODULE-IDENTITY
       LAST-UPDATED "201206110000Z"         -- 11 June 2012
       ORGANIZATION "IETF IPFIX Working Group"
       CONTACT-INFO
           "WG charter:
             http://www.ietf.org/html.charters/ipfix-charter.html

           Mailing Lists:
             General Discussion: ipfix@ietf.org
             To Subscribe: http://www1.ietf.org/mailman/listinfo/ipfix
             Archive:
         http://www1.ietf.org/mail-archive/web/ipfix/current/index.html

           Editor:
             Thomas Dietz
             NEC Europe Ltd.
             NEC Laboratories Europe
             Network Research Division
             Kurfuersten-Anlage 36
             Heidelberg  69115
             Germany
             Phone: +49 6221 4342-128
             Email: Thomas.Dietz@neclab.eu

             Atsushi Kobayashi
             NTT Information Sharing Platform Laboratories
             3-9-11 Midori-cho
             Musashino-shi, Tokyo  180-8585
             Japan
             Phone: +81-422-59-3978
             Email: akoba@nttv6.net

             Benoit Claise
             Cisco Systems, Inc.
             De Kleetlaan 6a b1
             Diegem  1831
             Belgium
             Phone:  +32 2 704 5622
             Email: bclaise@cisco.com

             Gerhard Muenz
             Technische Universitaet Muenchen
             Department of Informatics
             Chair for Network Architectures and Services (I8)
             Boltzmannstr. 3
             Garching  85748
             Germany
             Email: muenz@net.in.tum.de"

       DESCRIPTION
           "The IPFIX SELECTOR MIB module defined in this section
           provides the standard Filtering and Sampling functions that
           can be referenced in the ipfixSelectionProcessTable.  All
           standard Filtering and Sampling functions MUST be registered
           in the subtree under object ipfixSelectorFunctions
           (1.3.6.1.2.1.194.1.1).  The top-level OIDs in the subtree
           under object ipfixSelectorFunctions MUST be registered in a
           sub-registry maintained by IANA at
           <http://www.iana.org/assignments/smi-numbers/>.

           New Selector Functions MUST be registered at IANA and are
           subject to Expert Review [RFC5226], i.e., review by one of a
           group of experts designated by an IETF Area Director.  The
           group of experts MUST check the requested MIB objects for
           completeness and accuracy of the description.  Requests for
           MIB objects that duplicate the functionality of existing
           objects SHOULD be declined.  The smallest available OID
           SHOULD be assigned to new MIB objects.  The specification
           of new MIB objects SHOULD follow the structure specified in
           [RFC6615] and MUST be published using a well-
           established and persistent publication medium.  The experts
           will initially be drawn from the Working Group Chairs and
           document editors of the IPFIX and PSAMP Working Groups.

           Copyright (c) 2012 IETF Trust and the persons identified as
           authors of the code.  All rights reserved.

           Redistribution and use in source and binary forms, with or
           without modification, is permitted pursuant to, and subject
           to the license terms contained in, the Simplified BSD
           License set forth in Section 4.c of the IETF Trust's
           Legal Provisions Relating to IETF Documents
           (http://trustee.ietf.org/license-info)."

   --  Revision history

       REVISION     "201206110000Z"         -- 11 June 2012
       DESCRIPTION
           "Update to MIB description to reflect updated registration
           of new Sampling and Filtering functions.  Published as
           RFC 6615."

       REVISION     "201003150000Z"         -- 15 March 2010
       DESCRIPTION
           "Initial version, published as RFC 5815."

       ::= { mib-2 194 }

   --******************************************************************
   -- Top-Level Structure of the MIB
   --******************************************************************

   ipfixSelectorObjects     OBJECT IDENTIFIER
       ::= { ipfixSelectorMIB 1 }
   ipfixSelectorConformance OBJECT IDENTIFIER
       ::= { ipfixSelectorMIB 2 }

   --==================================================================
   -- 1: Objects Used by All IPFIX Implementations
   --==================================================================
   --------------------------------------------------------------------
   -- 1.1: Packet Selector Functions for IPFIX
   --------------------------------------------------------------------
   ipfixSelectorFunctions OBJECT IDENTIFIER
       ::= { ipfixSelectorObjects 1 }

   --------------------------------------------------------------------
   -- 1.1.1: Function 1: Selecting All Packets
   --------------------------------------------------------------------
   ipfixFuncSelectAll OBJECT IDENTIFIER
       ::= { ipfixSelectorFunctions 1 }

   ipfixFuncSelectAllAvail OBJECT-TYPE
       SYNTAX      TruthValue
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "This object indicates the availability of the trivial
           function of selecting all packets.  This function is always
           available."
       ::= { ipfixFuncSelectAll 1 }

   --==================================================================
   -- 2: Conformance Information
   --==================================================================
   ipfixSelectorCompliances OBJECT IDENTIFIER
       ::= { ipfixSelectorConformance 1 }
   ipfixSelectorGroups      OBJECT IDENTIFIER
       ::= { ipfixSelectorConformance 2 }

   --------------------------------------------------------------------
   -- 2.1: Compliance Statements
   --------------------------------------------------------------------
   ipfixSelectorBasicCompliance MODULE-COMPLIANCE
       STATUS      current
       DESCRIPTION
           "An implementation that builds an IPFIX Exporter that
           complies with this module MUST implement the objects defined
           in the mandatory group ipfixBasicGroup.  The implementation
           of all other objects depends on the implementation of the
           corresponding functionality in the equipment."
       MODULE  -- this module
       MANDATORY-GROUPS {
               ipfixSelectorBasicGroup
       }
       ::= { ipfixSelectorCompliances 1 }

   --------------------------------------------------------------------
   -- 2.2: MIB Grouping
   --------------------------------------------------------------------
   ipfixSelectorBasicGroup OBJECT-GROUP
       OBJECTS {
           ipfixFuncSelectAllAvail
       }
       STATUS      current
       DESCRIPTION
           "The main IPFIX objects."
       ::= { ipfixSelectorGroups 1 }

   END

9.  Security Considerations

   There are no management objects defined in this MIB module that have
   a MAX-ACCESS clause of read-write and/or read-create.  So, if this
   MIB module is implemented correctly, then there is no risk that an
   intruder can alter or create any management objects of this MIB
   module via direct SNMP SET operations.

   Some of the readable objects in this MIB module (i.e., objects with a
   MAX-ACCESS other than not-accessible) may be considered sensitive or
   vulnerable in some network environments.  It is thus important to
   control even GET and/or NOTIFY access to these objects and possibly
   to even encrypt the values of these objects when sending them over
   the network via SNMP.  These are the tables and objects and their
   sensitivity/vulnerability:

   o  ipfixTransportSessionTable - contains configuration data that
      might be sensitive because objects in this table may reveal
      information about the network infrastructure

   o  ipfixExportTable - contains configuration data that might be
      sensitive because objects in this table may reveal information
      about the network infrastructure as well

   o  ipfixMeteringProcessTable - contains configuration data that might
      be sensitive because objects in this table may reveal information
      about the IPFIX Device itself

   o  ipfixObservationPointTable - contains configuration data that
      might be sensitive because objects in this table may reveal
      information about the IPFIX Device itself and the network
      infrastructure

   o  ipfixSelectorFunctions - currently contains no sensitive data but
      might want to be secured anyway, since it may contain sensitive
      data in a future version

   All other objects and tables contain no data that is considered
   sensitive.

   SNMP versions prior to SNMPv3 did not include adequate security.
   Even if the network itself is secure (for example by using IPsec),
   there is no control as to who on the secure network is allowed to
   access and GET/SET (read/change/create/delete) the objects in this
   MIB module.

   Implementations MUST provide the security features described by the
   SNMPv3 framework (see [RFC3410]), including full support for
   authentication and privacy via the User-based Security Model (USM)
   [RFC3414] with the AES cipher algorithm [RFC3826].  Implementations
   MAY also provide support for the Transport Security Model (TSM)
   [RFC5591] in combination with a secure transport such as SSH
   [RFC5592] or TLS/DTLS [RFC6353].

   Further, deployment of SNMP versions prior to SNMPv3 is NOT
   RECOMMENDED.  Instead, it is RECOMMENDED to deploy SNMPv3 and to
   enable cryptographic security.  It is then a customer/operator
   responsibility to ensure that the SNMP entity giving access to an
   instance of this MIB module is properly configured to give access to
   the objects only to those principals (users) that have legitimate
   rights to indeed GET or SET (change/create/delete) them.
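
   The access-control requirement above can be checked mechanically on a
   deployed agent.  The following is an added example, not part of RFC 6615:
   it reads Net-SNMP `snmpd.conf` access lines and reports every community or
   USM user that can read the ipfixMIB or ipfixSelectorMIB subtree without
   privacy.  The sample configuration and all names in it are constructed, and
   the script assumes numeric OIDs and ignores view masks.

```python
# Added example (not from RFC 6615): flag snmpd.conf access lines exposing IPFIX MIBs.
IPFIX_ROOTS = {"ipfixMIB": (1, 3, 6, 1, 2, 1, 193),          # { mib-2 193 }
               "ipfixSelectorMIB": (1, 3, 6, 1, 2, 1, 194)}  # { mib-2 194 }
SAMPLE_CONF = """\
# constructed sample, not a real device configuration
view mgmt included .1.3.6.1.2.1
view mgmt excluded .1.3.6.1.2.1.193
view mgmt excluded .1.3.6.1.2.1.194
rocommunity public  default -V mgmt     # v2c, but IPFIX subtrees excluded
rocommunity monitor 192.0.2.0/24        # v2c, whole tree readable
rouser flowops  priv                    # authPriv user
rouser helpdesk auth .1.3.6.1.2.1.194   # authentication only, no encryption
"""

def oid(text):
    return tuple(int(part) for part in text.strip(".").split("."))

def view_exposes(rules, root):
    """True if a view (masks ignored) lets any part of `root` be read."""
    if any(inc and sub[:len(root)] == root for inc, sub in rules):
        return True  # an included subtree lies at or below the root
    covering = [(len(sub), inc) for inc, sub in rules if root[:len(sub)] == sub]
    return bool(covering) and max(covering)[1]  # longest covering entry decides

def audit(conf):
    views, access, findings = {}, [], []
    for raw in conf.splitlines():
        tok = raw.split("#", 1)[0].split()
        if len(tok) < 2:
            continue
        if tok[0] == "view" and len(tok) >= 4:
            views.setdefault(tok[1], []).append((tok[2] == "included", oid(tok[3])))
        elif tok[0] in ("rocommunity", "rwcommunity", "rocommunity6", "rwcommunity6"):
            access.append((tok[1], "SNMPv1/v2c community", tok[3:]))
        elif tok[0] in ("rouser", "rwuser"):
            args = tok[3:] if tok[1:2] == ["-s"] else tok[1:]
            level = args[1] if len(args) > 1 else "auth"  # Net-SNMP default
            if args and level != "priv":
                access.append((args[0], f"USM level '{level}'", args[2:]))
    for who, why, scope in access:  # evaluated after all views are known
        for name, root in IPFIX_ROOTS.items():
            if scope[:1] == ["-V"]:
                hit = view_exposes(views.get(scope[-1], []), root)
            elif scope:
                sub = oid(scope[0])  # OID restriction given on the access line
                hit = sub[:len(root)] == root[:len(sub)]
            else:
                hit = True  # no OID or view given: whole tree
            if hit:
                findings.append((who, name, why))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE_CONF), sep="\n")
```

   An empty result means every principal that can reach the two subtrees does
   so at the `priv` level; it does not verify that the user was created with
   the AES cipher.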

10.  IANA Considerations

   The MIB module in this document uses the following IANA-assigned
   OBJECT IDENTIFIER values recorded in the SMI Numbers registry:

           Descriptor        OBJECT IDENTIFIER value
           ----------        -----------------------
           ipfixMIB          { mib-2 193 }
           ipfixSelectorMIB  { mib-2 194 }

   The IPFIX SELECTOR MIB registry as defined in [RFC5815] Section 10
   has been removed by IANA, as its use is discontinued with this
   document.

   IANA has created and maintains a sub-registry at
   http://www.iana.org/assignments/smi-numbers, in which the top-level
   OIDs in the subtree under object ipfixSelectorFunctions MUST be
   registered.  The initial version of this sub-registry should contain
   the following:

   Sub-registry Name: IPFIX-SELECTOR-MIB Functions
   Reference: [RFC6615]
   Registration Procedures: Expert Review [RFC5226]

   Prefix: iso.org.dod.internet.mgmt.
   mib-2.ipfixSelectorMIB.ipfixSelectorObjects.ipfixSelectorFunctions
   (1.3.6.1.2.1.194.1.1)

   Decimal   Name                 Description            Reference
   -------   ------------------   -----------------      ---------
        1    ipfixFuncSelectAll   Select everything      [RFC6615]

   Additions to this sub-registry are subject to Expert Review
   [RFC5226], i.e., review by one of a group of experts designated by an
   IETF Area Director.  The group of experts MUST check the requested
   MIB objects for completeness and accuracy of the description.
   Requests for MIB objects that duplicate the functionality of existing
   objects SHOULD be declined.  The smallest available OID SHOULD be
   assigned to new MIB objects.  The specification of new MIB objects
   SHOULD follow the structure specified in Section 6.1 and MUST be
   published using a well-established and persistent publication medium.
   The experts will initially be drawn from the Working Group Chairs and
   document editors of the IPFIX and PSAMP Working Groups.

11.  Acknowledgments

   This document is a product of the IPFIX Working Group.  The authors
   would like to thank the following persons: Paul Aitken for his
   detailed review, Dan Romascanu and the MIB doctors, and many more,
   for their technical reviews and feedback.

12.  References

12.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC2578]  McCloghrie, K., Ed., Perkins, D., Ed., and J.
              Schoenwaelder, Ed., "Structure of Management Information
              Version 2 (SMIv2)", STD 58, RFC 2578, April 1999.

   [RFC2579]  McCloghrie, K., Ed., Perkins, D., Ed., and J.
              Schoenwaelder, Ed., "Textual Conventions for SMIv2",
              STD 58, RFC 2579, April 1999.

   [RFC2580]  McCloghrie, K., Ed., Perkins, D., Ed., and J.
              Schoenwaelder, Ed., "Conformance Statements for SMIv2",
              STD 58, RFC 2580, April 1999.

   [RFC2863]  McCloghrie, K. and F. Kastenholz, "The Interfaces Group
              MIB", RFC 2863, June 2000.

   [RFC3873]  Pastor, J. and M. Belinchon, "Stream Control Transmission
              Protocol (SCTP) Management Information Base (MIB)",
              RFC 3873, September 2004.

   [RFC4001]  Daniele, M., Haberman, B., Routhier, S., and J.
              Schoenwaelder, "Textual Conventions for Internet Network
              Addresses", RFC 4001, February 2005.

   [RFC4133]  Bierman, A. and K. McCloghrie, "Entity MIB (Version 3)",
              RFC 4133, August 2005.

   [RFC5101]  Claise, B., Ed., "Specification of the IP Flow Information
              Export (IPFIX) Protocol for the Exchange of IP Traffic
              Flow Information", RFC 5101, January 2008.

   [RFC5102]  Quittek, J., Bryant, S., Claise, B., Aitken, P., and J.
              Meyer, "Information Model for IP Flow Information Export",
              RFC 5102, January 2008.

   [RFC5226]  Narten, T. and H. Alvestrand, "Guidelines for Writing an
              IANA Considerations Section in RFCs", BCP 26, RFC 5226,
              May 2008.

   [RFC5815]  Dietz, T., Ed., Kobayashi, A., Claise, B., and G. Muenz,
              "Definitions of Managed Objects for IP Flow Information
              Export", RFC 5815, April 2010.

12.2.  Informative References

   [RFC3410]  Case, J., Mundy, R., Partain, D., and B. Stewart,
              "Introduction and Applicability Statements for Internet-
              Standard Management Framework", RFC 3410, December 2002.

   [RFC3414]  Blumenthal, U. and B. Wijnen, "User-based Security Model
              (USM) for version 3 of the Simple Network Management
              Protocol (SNMPv3)", STD 62, RFC 3414, December 2002.

   [RFC3826]  Blumenthal, U., Maino, F., and K. McCloghrie, "The
              Advanced Encryption Standard (AES) Cipher Algorithm in the
              SNMP User-based Security Model", RFC 3826, June 2004.

   [RFC3917]  Quittek, J., Zseby, T., Claise, B., and S. Zander,
              "Requirements for IP Flow Information Export (IPFIX)",
              RFC 3917, October 2004.

   [RFC5470]  Sadasivan, G., Brownlee, N., Claise, B., and J. Quittek,
              "Architecture for IP Flow Information Export", RFC 5470,
              March 2009.

   [RFC5472]  Zseby, T., Boschi, E., Brownlee, N., and B. Claise, "IP
              Flow Information Export (IPFIX) Applicability", RFC 5472,
              March 2009.

   [RFC5474]  Duffield, N., Ed., Chiou, D., Claise, B., Greenberg, A.,
              Grossglauser, M., and J. Rexford, "A Framework for Packet
              Selection and Reporting", RFC 5474, March 2009.

   [RFC5475]  Zseby, T., Molina, M., Duffield, N., Niccolini, S., and F.
              Raspall, "Sampling and Filtering Techniques for IP Packet
              Selection", RFC 5475, March 2009.

   [RFC5476]  Claise, B., Ed., Johnson, A., and J. Quittek, "Packet
              Sampling (PSAMP) Protocol Specifications", RFC 5476,
              March 2009.

   [RFC5591]  Harrington, D. and W. Hardaker, "Transport Security Model
              for the Simple Network Management Protocol (SNMP)",
              RFC 5591, June 2009.

   [RFC5592]  Harrington, D., Salowey, J., and W. Hardaker, "Secure
              Shell Transport Model for the Simple Network Management
              Protocol (SNMP)", RFC 5592, June 2009.

   [RFC6353]  Hardaker, W., "Transport Layer Security (TLS) Transport
              Model for the Simple Network Management Protocol (SNMP)",
              RFC 6353, July 2011.

Authors' Addresses

   Thomas Dietz (editor)
   NEC Europe Ltd.
   NEC Laboratories Europe
   Network Research Division
   Kurfuersten-Anlage 36
   Heidelberg  69115
   DE

   Phone: +49 6221 4342-128
   EMail: Thomas.Dietz@neclab.eu


   Atsushi Kobayashi
   NTT Information Sharing Platform Laboratories
   3-9-11 Midori-cho
   Musashino-shi, Tokyo  180-8585
   JA

   Phone: +81-422-59-3978
   EMail: akoba@nttv6.net


   Benoit Claise
   Cisco Systems, Inc.
   De Kleetlaan 6a b1
   Diegem  1831
   BE

   Phone: +32 2 704 5622
   EMail: bclaise@cisco.com


   Gerhard Muenz
   Technische Universitaet Muenchen
   Department of Informatics
   Chair for Network Architectures and Services (I8)
   Boltzmannstr. 3
   Garching  85748
   DE

   EMail: muenz@net.in.tum.de